Technical Analysis of a Novel IMEEX Framework

Oct. 14, 2024, 11:15 a.m.

Description

The IMEEX framework is a newly discovered, custom-built malware targeting Windows systems. Delivered as a 64-bit DLL, it offers extensive control over compromised machines, featuring execution of additional modules, file manipulation, process management, registry modification, and remote command execution. It primarily targets Djibouti and Afghanistan, gathering system information and communicating with its command-and-control server over encrypted channels. The framework employs advanced techniques like masquerading as legitimate processes, mutex creation, and encrypted communications to maintain persistence and evade detection. Its modular approach, robust capabilities, and potential infrastructure overlap with ShadowPad suggest an evolution in threat actor tactics.

Date

Published: Oct. 14, 2024, 10:57 a.m.

Created: Oct. 14, 2024, 10:57 a.m.

Modified: Oct. 14, 2024, 11:15 a.m.

Indicators

94b8a01ad4b53d202984afb6781d7f88cb5cd329349791516e985ea88e08ad66

7d02ad54e4e56f34e59414f9b02397901fc61bb1158a31ab2586fe62564aeb93

7a3113d3212605a33924ad16ab360b7d48cc94de0de1c1cf9dc44695d4a01648

6fcd206752cd87c26909ed3751b94eb8ef14cd1567d3757cae7fa0b89d3f77c7

3e25798da0232d9039e570fb34d4bdccf7f082fa38b486a097d954f5f3debab3

45.141.139.146

Attack Patterns

IMEEX

T1009

T1122

T1497

T1021

T1489

T1105

T1055

T1036

T1112

T1059

Additional Information

Djibouti

Afghanistan